Cache-Zoomer: On-demand High-resolution Cache Monitoring for Security

Information leakage through timing channels is an increasing threat in most computer systems. Among various hardware components, the CPU caches expose the largest attack surface for timing channels since they are usually shared among multiple processor cores. Recently, cache-based covert timing channels have been exploited by well-known attacks, such as Meltdown, for information leakage. Prior works have explored the use of existing hardware performance counters linked to caches in order to detect covert channels. Unfortunately, current hardware performance counters only capture a single cache-wide statistic relating to the activities of an entire cache. As a result, such coarse-grained cache monitoring is very unlikely to capture adversaries that typically work with limited subsets of cache blocks. To solve the resolution problem in existing cache hardware performance counters, we propose Cache-Zoomer, a framework that provides on-demand high-resolution cache monitoring. Cache-Zoomer uses a small set of configuration registers for on-demand monitoring of specific regions in the cache. At runtime, Cache-Zoomer dynamically selects the cache sub-areas with a high frequency of miss patterns for improved monitoring. We demonstrate the efficiency of Cache-Zoomer on various types of cache timing channel attacks with different bandwidths. Our results show that Cache-Zoomer is able to swiftly detect all the cache timing channels studied, while incurring negligible (< 1%) area and power overheads. Our proposed Cache-Zoomer is versatile and can be adapted to other applications such as performance analysis as well.
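The resolution problem described in the abstract can be seen in a toy software model. This is an added illustration, not the paper's hardware design or code: the cache geometry, the counter count, the constructed miss trace and the narrowing strategy (re-aiming a few region counters at the busiest slice each interval) are all assumptions.

```python
import random

NUM_SETS = 4096          # assumed cache geometry (not from the paper)
NUM_COUNTERS = 8         # assumed number of configurable region counters
HOT_SETS = [1300, 1301, 1302, 1303]  # constructed: sets a channel contends on

def miss_trace(rng, benign=20000, channel=600):
    """Constructed sample interval: the set index of each cache miss."""
    trace = [rng.randrange(NUM_SETS) for _ in range(benign)]
    trace += [rng.choice(HOT_SETS) for _ in range(channel)]
    rng.shuffle(trace)
    return trace

def region_counts(trace, lo, hi):
    """Model NUM_COUNTERS counters, each covering an equal slice of [lo, hi)."""
    width = (hi - lo) // NUM_COUNTERS
    counts = [0] * NUM_COUNTERS
    for s in trace:
        if lo <= s < hi:
            counts[(s - lo) // width] += 1
    return counts, width

def zoom(rng, channel=600, min_width=8):
    """Each interval, reprogram the counters onto the slice with most misses."""
    lo, hi = 0, NUM_SETS
    while hi - lo > min_width:
        counts, width = region_counts(miss_trace(rng, channel=channel), lo, hi)
        hottest = counts.index(max(counts))
        lo, hi = lo + hottest * width, lo + (hottest + 1) * width
    return lo, hi

def coarse_delta(rng):
    """Relative change seen by a single cache-wide miss counter."""
    quiet = len(miss_trace(rng, channel=0))
    noisy = len(miss_trace(rng))
    return (noisy - quiet) / quiet

if __name__ == "__main__":
    rng = random.Random(1)
    print("cache-wide counter change:", coarse_delta(rng))
    print("zoomed region (sets):", zoom(rng))
```

In this model the cache-wide counter moves by only 3% when the channel is active, while three reconfiguration rounds of eight counters narrow 4096 sets down to the eight-set window containing the contended sets.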
